diff --git a/nix/nixos-module/container/upstream.nix b/nix/nixos-module/container/upstream.nix
index 814ff00..d5a1a7d 100644
--- a/nix/nixos-module/container/upstream.nix
+++ b/nix/nixos-module/container/upstream.nix
@@ -61,12 +61,14 @@ in
 externalIP = staticIpv4Address;
 extraCommands = ''
 # Prohibit SMTP except for servers
- iptables -N fwd_smtp
+ iptables -N fwd_smtp || \
+ iptables -F fwd_smtp
 iptables -A fwd_smtp --source ${config.site.net.serv.subnet4} -j RETURN
 iptables -A fwd_smtp -j REJECT
 iptables -I FORWARD -p tcp --dport 25 -j fwd_smtp
- ip6tables -N fwd_smtp
+ ip6tables -N fwd_smtp \\
+ ip6tables -F fwd_smtp
 ${lib.concatMapStrings (subnet6: ''
 ip6tables -A fwd_smtp --source ${subnet6} -j RETURN
 ip6tables -A fwd_smtp --dest ${subnet6} -j RETURN
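Review bot: The added IPv6 line ends in `\\` where the IPv4 line above it uses `|| \`, so the create-or-flush fallback is missing for ip6tables; it should read `ip6tables -N fwd_smtp || \`. Inside a Nix `''` string the two backslashes reach the shell unchanged, which reads them as a stray `\` argument to `ip6tables -N` rather than as `||` or a line continuation. That call is then likely to fail, and `ip6tables -F fwd_smtp` runs unconditionally on a chain that may not exist, so depending on how the script handles errors the IPv6 SMTP restriction may not be installed on a fresh start. Separately, `iptables -I FORWARD -p tcp --dport 25 -j fwd_smtp` is still inserted on every run, so the jump rule accumulates on reload; guarding it with `iptables -C FORWARD -p tcp --dport 25 -j fwd_smtp ||` would make the block idempotent. The `extraCommands` string continues past the end of this hunk.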